The Stress Management Society are a “data controller” for the purposes of the Data Protection act 1998 and (from
25 May 2018) the EU General Data Protection Regulation 2016/679 (“Data Protection Law”). This means we are responsible
for, and control the processing of, your personal information. We are committed to ensuring that your privacy
is protected. Should we ask you to provide certain information by which you can be identified when using this
website, then you can be assured that it will only be used in accordance with this privacy statement. The Stress
Management Society may change this policy from time to time by updating this page. You should check this page
from time to time to ensure that you are happy with any changes. This policy is effective from 25th May 2018.
This privacy policy sets out how The Stress Management Society uses and protects any information that you give
organisation when you use this website (
www.stressmanagementsociety.com or
www.stress.org.uk). For further information about our privacy practices, please contact our Data Protection
Officer by:

Are contracted through an employer to take a stress risk audit or any of our other corporate services

2. What information we collect about you

Personal Information

Name and job title, organisation (where relevant)

Contact information including email address, telephone number

Demographic information such as address, postcode, preferences and interests, organisation size and industry

Other information relevant to customer surveys and/or offers

When you call us or send details via post or meet us in person

Credit/debit card details (if you are making a purchase or donation)

Information relating to your membership applications such as date of birth, education history, professional training
history and qualifications, memberships of other professional bodies and references contact details.

Copies of email history where we have corresponded

Notes on any phone calls we may have

Sensitive Information

Clients will be advised before we consult on a one-to-one basis that we collect sensitive information using a password protected
survey to ascertain past medical history, current personal mental wellbeing and general life outlook. The information
will be stored on our encrypted server in a password protected folder; access will be granted to the project
manager and designated coach only. Sensitive information will be deleted at the end of the project or when requested
in writing. Sensitive information will be gathered through face-to-face or phone interviews, business data provided
by clients or emails. We can and will adhere to any provided Non-disclosure Agreement.

3. What we do with the information we gather:

We require this information to understand your needs and provide you with a better service, and in particular for
the following reasons:

To provide the services of goods that you have requested

To update you with important administrative messages about your donation, membership, an event or services or
goods you have requested

Internal record keeping to keep a record of your relationship with us

We may use the information to improve our products and services.

We may periodically send promotional emails about new products, special offers or other information which we
think you may find interesting using the email address which you have provided

For quality and training purposes

From time to time, we may also use your information to contact you for market research purposes. We may contact
you by email, phone, fax or mail. We may use the information to customise the website according to your interests.

4. Legal basis for using your information

In some cases, we will only use your personal information where we have your consent or because we need to use it in order
to fulfil a contract with you (for example, because you have placed an order on our website or by phone or email).
However, there are other lawful reasons that allow us to process your personal information and one of those is
called ‘legitimate interests’. This means that the reason that we are processing information is because there
is a legitimate interest for The Stress Management Society to process your information to help us to ensure that
everyone experiencing a problem with stress or wellbeing gets both support. Whenever we process your Personal
Information under the ‘legitimate interest’ lawful basis we make sure that we take into account your rights and
interests and will not process your personal information if we feel that there is an imbalance. Some examples
of where we have a legitimate interest to process your Personal information are where we contact you about our
work via post, use your personal information for data analytics, conducting research to better understand the
causes of stress and poor wellbeing, improving our services, for our legal purposes (for example, dealing with
complaints and claims), or for complying with guidance.

5. Marketing

We will only contact you about our work phone, email or direct mail, if you have agreed for us to contact you by opting in
to our communication. We will contact you if you submit a contact us form or business consultation form via the
site, but you will have the opportunity to opt in or opt out from our database. You can update your choices or
stop us sending you these communications at any time by contacting dpo@stress.org.uk or clicking the unsubscribe
link at the bottom of the relevant communication.

6. Sharing Your Information

The information you provide us with is mainly accessed by members of staff at The Stress Management Society. We may provide
your information to our Partners or Suppliers who are required to comply with Data Protection Laws and ensure
that they have appropriate controls in place to secure your information. We will not sell, distribute or lease
your personal information to third parties unless we have your permission or are required by law to do so. We
may use your personal information to send you promotional information about third parties which we think you
may find interesting if you tell us that you wish this to happen. You may request details of personal information
which we hold about you under the Data Protection Act 1998. If you would like a copy of the information held
on you please write to The Stress Management Society, Suite S, Salamander Quay, Quay West, Harefield, Middlesex,
UB9 6NZ.

7. Keeping your information safe

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have
put in place suitable physical, electronic and managerial procedures to safeguard and secure the information
we collect online and offline. Our website contains links to our sister companies, which are covered by this
privacy policy. By agreeing to disclose your personal information to The Stress Management Society or our sister
companies: Praesto Training and Development (
www.praesto.uk.com), Feel Karma (
www.feelkarma.com) and Stress Mood Cards (
www.stressmoodcards.com) will be governed by this privacy statement Our website may also contain links to
other websites of interest. However, once you have used these links to leave our site, you should note that we
do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy
of any information which you provide whilst visiting such sites and such sites are not governed by this privacy
statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Any debit or credit card details which we receive on our websites are passed securely to PayPal or Stripe our
payment processing partners, according to the Payment Card Industry Security Standards. 8. How long we hold your
information for We only keep it as long as is reasonable and necessary for the relevant activity, which may be
to fulfil statutory obligations.

9. Your Rights

You have various rights in respect of the personal information we hold about you – these are set out in more detail
below. If you wish to exercise any of these rights or make a complaint, you can do so by contacting Data Protection
Officer at The Stress Management Society, Suite S, Quay West, Salamander Quay, Harefield, UB9 6NZ, by email at
dpo@stress.org.uk and by phone on
0203 142 8650. You can also make a complaint to the Information Commissioner’s Office,
https://ico.org.uk/:

Access to your personal information: You have the right to request access to a copy of the personal information
that we hold about you, along with information on what personal information we use, why we use it, who we share
it with, how long we keep it for and whether it has been used for any automated decision making. You can make
a request for access free of charge. Please make all requests for access in writing, and provide us with evidence
of your identity.

Right to object: You can object to our processing of your personal information where we are relying on
a legitimate interest (or those of a third party) and there is something about your particular situation which
makes you want to object to processing on this ground. You also have the right to object where we are processing
your personal information for direct marketing purposes. Please contact us as noted above, providing details
of your objection.

Consent: If you have given us your consent to use personal information (for example, for marketing), you
can withdraw your consent at any time.

Rectification: You can ask us to change or complete any inaccurate or incomplete personal information held
about you.

Erasure: You can ask us to delete your personal information where it is no longer necessary for us to use
it, you have withdrawn consent, or where we have no lawful basis for keeping it.

Portability: You can ask us to provide you or a third party with some of the personal information that
we hold about you in a structured, commonly used, electronic form, so it can be easily transferred.

Restriction: You can ask us to restrict the personal information we use about you where you have asked
for it to be erased or where you have objected to our use of it.

No automated-decision making: Automated decision-making takes place when an electronic system uses personal
information to make a decision without human intervention. You have the right not to be subject to automated
decisions that will create legal effects or have a similar significant impact on you, unless you have given
us your consent, it is necessary for a contract between you and us or is otherwise permitted by law. You also
have certain rights to challenge decisions made about you. We do not currently carry out any automated decision-making.

Please note, some of these rights only apply in certain circumstances and we may not be able to fulfil every request.

10. Cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the
file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies
allow web applications to respond to you as an individual. The web application can tailor its operations to your
needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic
and improve our website in order to tailor it to customer needs. We only use this information for statistical
analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful
and which you do not. A cookie in no way gives us access to your computer or any information about you, other
than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually
modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage
of the website.